It has been a crazy day in crypto town. Major cryptocurrency exchange and derivatives platform BitMEX goofed up big time today. Call it a mishap or a software glitch, it might expose 22,000 users to phishing attacks.
At 8:00 UTC today, BitMEX software sent out a regular indices update mass email to its users. It turned out to be a disaster. Instead of placing the users' email addresses in the BCC field, it put them in CC, so every recipient could see the addresses of the other recipients. Now the world knows who is using BitMEX for trading.
BitMEX reassured the world that no other user information was disclosed. Nonetheless, this error is embarrassing enough.
Hackers are already claiming to have laid hands on the leaked email addresses. Elsewhere, Telegram already has a BitMEX hack group, and the Twitter handle @TheCrypt0Mask claims to have access to 229 mails and their multiple passwords. He must already be sending out emails to these addresses from yandex.com.
Meanwhile, affected BitMEX users are being advised to take the following protective measures:
Use strong and unique passwords
Enable two-factor authentication (2FA) on all accounts
Binance and Bitfinex Alert Users
The email address leak has shaken the entire crypto ecosystem. Binance and Bitfinex fear that users might be using the same email addresses on their platforms, and have therefore asked users to use a unique id and password for their accounts on every exchange.
Furthermore, the leak seems to have triggered a series of unfortunate events for BitMEX:
Twitter account hacked
Over an hour ago, the BitMEX Twitter handle also got hacked. But the company regained control immediately, and the alarming tweets have now been deleted from the official handle.
Withdrawal Disabled – FUD
Panic peaked among BitMEX users. In a hurry, people started changing their passwords, and this disabled withdrawals on their accounts for 24-48 hours (as per the password change policy). For those who did not change anything, withdrawal processing remains unaffected.
Apart from the email address leak, everything looks OK with BitMEX, and the company claims the funds are safe as always.